by rabite
1408 days ago
> because it's been proven that you can detect the use of curl|bash server-side. Sure, but what you're missing is that this argument would also strike down package managers. For example, you could similarly fingerprint the difference in behaviors for apt-get vs normal http utilities and only serve malicious packages to people grabbing via apt (likely someone trying to run the code) vs downloading in a browser or via curl/wget (most likely an auditor). This is trivial to do and of course individual packages as well as entire package delivery mechanisms have been compromised. The value add for package systems is signatures.

Feel free to create a proof of concept if that's actually possible, then you'll be able to discuss it.
You'll likely also get incredible job offers, as that would be a goldmine for blackhats and various state actors.